Privacy policy

We use Privacy Icons. The text version is located directly below.
We process your financial data.
We process personal data that you provide to us.
We do not process location data about you.
We do not process biometric data about you.
We do not process any personal data that we have collected about you.
We do not share your personal data with other companies, which can decide for themselves how to use the data.
We do not use your personal data for any other purposes unrelated to the core service.
We do not sell your personal data.

Version: 11. Oktober 2023

1. Principle

The data encrypted by you with the Arcano application can only be decrypted again by the customer with his private key. We have no way to decrypt and read such data.

Our declared goal is to reduce the personal data we collect (hereinafter also referred to as "data") to a minimum. Insofar as we process personal data, we do so exclusively for the following purposes and adhere to the principles of legality, processing in good faith and transparency.

2. Name and address of the responsible persons

Arcano gmbh
Zentralstrasse 47
8003 Zürich

3. Data collection and purpose of use

When visiting the website.

When you visit our website, you transmit to the website server the IP address of your router. The server of our website is hosted by Exoscale AG, Boulevard de Grancy 19A , 1006 Lausanne (hereinafter referred to as hosting provider). For further data collected on the part of the hosting provider vis-à-vis you as the end customer, we refer to the privacy policy of the hosting provider at

When registering.

When you register to open an account, we store the data collected from you according to the form, so esp. the company, first name, name, zip code, city, country and email address. We use this data to process the contract and to provide the service. Then we take the liberty to inform you about new offers from us via the given e-mail address.

We use the payment service of Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, hereinafter stripe) for the processing of the payment. For the data stripe receives from your credit card provider, please refer to stripe's privacy policy at

We get access to the following data of the users from Stripe: date of successful payment, last 4 digits of the credit card, credit card used, origin of the payment, operating system used and browser used at registration

When using the service via an integration (e.g. iframe).

If you upload files to an external website via the iframe, the IP address of your router will be transmitted to the hosting provider. For further data collected on the part of the hosting provider towards you as the end customer, we refer to the privacy policy of the hosting provider at

4. Rights as a data subject

If your personal data is processed, you have - insofar as you are affected within the meaning of the EU-DSGVO - the following rights towards the responsible person or persons: Right to information, right to rectification, right to restriction of processing, right to erasure, right to Notification, right to object and right to data portability (Art. 15ff DSGVO).Contact us via if you have a request or a question about processing. We will be happy to process your request.

5. Duration of data collection

We retain the personal data collected under section 3 only as long as this is necessary for the specified purpose. Longer legal storage obligations are reserved. This applies in particular to billing and payment data of the customer.

6. Order processing

Arcano GmbH processes personal data of customers of Arcano (hereinafter referred to as account customers) only for its own purposes (clause 3). Arcano GmbH does not process any personal data on behalf of account customers. Insofar as customers or interested persons of account customers (hereinafter referred to as third party customers) transmit factual or personal data to account customers via Arcano or personal data to third party customers via Arcano or vice versa, this takes place in each case end-to-end encrypted, whereby the decryption of the data only takes place at the recipient's (account client or third-party customer).